Publication: 08/07/2024
Introducing the Web3 Security Coalition
GET IN TOUCH
“I won’t attack there, it’s not in scope” - said no attacker ever.
The Web3 Security Coalition is beginning as a strategic partnership between FYEO and Trugard to offer to users, investors, and researchers in Web3 a comprehensive threat intelligence platform that combines insights from both blockchain-based smart contracts and traditional web domains. The thesis is simple: phishing contracts powering phishing domains == assets stolen, so it’s time for truly holistic security.
Here's an outline of how Web3 enthusiasts and investors can benefit from such an advanced data offering:
- Enhanced threat detection:
- Correlate risky smart contracts with suspicious domains
- Identify patterns between malicious on-chain activities and off-chain phishing attempts
- Improved asset protection:
- Warn users about potentially harmful smart contracts and associated phishing sites
- Provide a more holistic view of threats targeting crypto users and investors
- Fraud prevention:
- Track the movement of stolen funds from smart contract exploits to cash-out points
- Identify and blacklist domains associated with known malicious smart contracts
- Regulatory compliance:
- Offer a more comprehensive solution for AML (Anti-Money Laundering) and KYC (Know Your Customer) processes
- Help crypto businesses comply with evolving regulations by providing a broader spectrum of risk data
- Research and trends:
- Analyze the relationship between smart contract vulnerabilities and phishing campaigns
- Provide valuable insights into the evolving tactics of crypto-focused cybercriminals
- User education:
- Develop resources to educate users about the interconnected nature of on-chain and off-chain risks
- Create awareness campaigns to promote safe practices in the crypto space
By combining our unique datasets and expertise, FYEO and Trugard offer a powerful joint solution that addresses the complex and interconnected nature of threats in the cryptocurrency ecosystem. This exciting partnership is particularly valuable as the lines between traditional finance, web-based services, and blockchain technologies continue to blur.
The Emergence of Decentralized Business Risk
The connection between a phishing smart contract and a phishing website is an example of how on-chain and off-chain threats can work in tandem. Let's break this down:
- Smart Contract Setup:
- A malicious actor creates a smart contract on an EVM-compatible blockchain (e.g., Ethereum).
- This contract is designed to look legitimate but contains hidden functions that allow the attacker to drain funds or manipulate token balances.
- Phishing Website Creation:
- The same actor sets up a website that mimics a popular DeFi platform, NFT marketplace, or crypto exchange.
- The website's frontend is designed to look identical to the legitimate site it's impersonating.
- Integration:
- Instead of connecting to the real platform's smart contracts, the phishing site interfaces with the malicious smart contract.
- The website might prompt users to "connect their wallet" or "approve" a transaction, which actually interacts with the phishing contract.
- User Deception:
- Victims are lured to the phishing website through various means (e.g., fake ads, social media posts, or typosquatting domains).
- Believing they're on a legitimate platform, users interact with the site, unknowingly sending transactions to the malicious smart contract.
- Exploitation:
- When users approve transactions or transfer funds, the phishing contract executes its hidden malicious functions.
- This could involve stealing funds, minting worthless tokens, or granting the attacker control over the victim's assets.
- Obfuscation:
- The phishing website might display fake transaction confirmations or account balances to delay the discovery of the theft.
- Meanwhile, the smart contract might use techniques like flash loans or multiple contract interactions to quickly move or launder stolen funds.
- Propagation:
- Successful attacks might be used to fund more sophisticated phishing campaigns or develop more complex malicious smart contracts.
This synergy between phishing contracts and websites demonstrates why a combined approach to threat intelligence is crucial. The first company's database of risky smart contracts could flag the malicious contract, while the second company's domain intelligence could identify the associated phishing website. Together, they could provide a complete picture of the threat, potentially preventing users from falling victim to such schemes.
By correlating data from different sources, the partnership could also:
- Identify patterns in how phishing contracts and websites are typically structured
- Track the evolution of these threats over time
- Provide early warning systems for new phishing campaigns that use similar tactics
This holistic approach would be far more effective in combating crypto-related fraud than focusing on either on-chain or off-chain threats in isolation.
Deployer Risk
Monitoring the reputation of smart contract deployers is an added value offered by Trugard. This further level of detail delivers insights and benefits to the cryptocurrency ecosystem by in essence enabling a deployer “reputation”. Let's explore this in more detail:
- Historical Performance Tracking:
- By monitoring deployers, you can build a track record of their past contracts.
- This allows for identification of developers or entities with a history of creating vulnerable or malicious contracts.
- Risk Assessment:
- New contracts from deployers with poor reputations can be flagged for extra scrutiny.
- Users and investors can make more informed decisions about interacting with contracts based on the deployer's reputation.
- Accountability:
- Public reputation tracking encourages developers to prioritize security and best practices.
- It becomes harder for malicious actors to repeatedly deploy harmful contracts without consequences.
- Early Warning System:
- If a previously reputable deployer suddenly releases a suspicious contract, it could indicate a compromised account or a shift in intentions.
- This can serve as an early warning for potential threats.
- Trust Building:
- Developers and projects with consistently good reputations can build trust in the community.
- This can lead to increased adoption and investment in their protocols.
- Ecosystem Health:
- By discouraging bad actors and promoting good practices, the overall health and security of the blockchain ecosystem improves.
- Regulatory Compliance:
- In an increasingly regulated space, tracking deployer reputations can assist in due diligence processes.
- It can help identify potential links to illicit activities or sanctioned entities.
- Pattern Recognition:
- Analyzing deployer behavior over time can reveal patterns associated with legitimate vs. malicious activities.
- This data can be used to develop more sophisticated threat detection models.
- Community Contributions:
- Reputation systems could incorporate community feedback, allowing users to report suspicious activities.
- This crowdsourced approach can enhance the accuracy and timeliness of reputation assessments.
- Cross-Chain Intelligence:
- Tracking deployer reputations across multiple blockchains can provide insights into cross-chain attack patterns.
- It can help identify when malicious actors migrate their operations to new chains.
- Collaboration Opportunities:
- Reputable developers might find more opportunities for collaboration and funding.
- Projects may use deployer reputations as part of their vetting process for partnerships or integrations.
- Education and Improvement:
- Developers can learn from the mistakes and successes of others based on reputation data.
- This can lead to overall improvement in smart contract development practices.
By incorporating deployer reputation monitoring into FYEO’s and Trugard’s joint offering, customers are armed with an even more comprehensive risk assessment tool. This solution not only helps in identifying current threats but also in predicting and preventing future ones. It adds another layer of context to the analysis of smart contracts and associated web domains, making the combined intelligence even more powerful and actionable.
Tying it all together
Drawing a connection between a high-risk smart contract deployer and the operator of a phishing domain is a key aspect of comprehensive threat intelligence in the cryptocurrency space. This connection can reveal sophisticated attack patterns and provide valuable insights for security measures. Let's explore this relationship:
- Shared Infrastructure:
- A high-risk deployer might use the same or similar infrastructure to deploy smart contracts and host phishing domains.
- This could include using the same IP addresses, hosting providers, or domain registrars.
- Financial Trails:
- Funds from compromised smart contracts might be funneled to wallets associated with phishing domain operators.
- Cryptocurrency used to pay for domain registrations or hosting services might be traced back to wallets linked to malicious smart contracts.
- Timing Correlations:
- The deployment of high-risk smart contracts might coincide with the registration or activation of phishing domains.
- This temporal relationship could indicate a coordinated attack strategy.
- Targeting Patterns:
- Both the smart contracts and phishing domains might target the same projects, tokens, or user groups.
- For example, a fake token contract might be deployed around the same time as a phishing domain imitating the token's official website.
- Code Similarities:
- The code structure or specific functions in high-risk smart contracts might have similarities to scripts used on phishing websites.
- This could indicate the same individual or group is behind both the on-chain and off-chain components of the attack.
- Communication Channels:
- Investigations might reveal shared communication channels (e.g., Telegram groups, Discord servers) used to coordinate both smart contract deployments and phishing campaigns.
- Linguistic Analysis:
- The language used in smart contract comments or associated documentation might match the text on phishing websites.
- This could help identify attacks originating from the same threat actor.
- Exploit Techniques:
- The methods used to exploit victims through smart contracts might align with the tactics employed on phishing sites.
- For instance, both might use similar social engineering techniques or exploit the same vulnerabilities in user behavior.
- Wallet Addresses:
- The wallet addresses associated with high-risk deployers might be used in phishing scams or listed on phishing sites as "official" addresses.
- This direct link can strongly indicate a connection between the two threats.
- Evolution of Tactics:
- Observing how a high-risk deployer's tactics change over time might predict shifts in associated phishing strategies, and vice versa.
- This could help in preemptively identifying new threats.
- Geographic Data:
- If available, geographic data related to contract deployment and domain registration might show correlations.
- This could be particularly useful in identifying organized groups operating across multiple jurisdictions.
- Victim Overlap:
- Analyzing victim data might reveal that users who interacted with high-risk smart contracts are more likely to be targeted by specific phishing domains.
By connecting these dots, FYEO and Trugard offer customers the ability to:
- Understand more comprehensive threat profiles that span both on-chain and off-chain activities.
- Leverage predictive models to anticipate new attack vectors based on observed connections.
- Receive more accurate risk assessments by considering the full spectrum of an attacker's capabilities.
- Take advantage of enhanced protection to users by warning them of potential threats across multiple platforms and mediums.
This holistic approach to threat intelligence would be far more effective than treating smart contract risks and phishing domains as separate issues. It recognizes the interconnected nature of crypto-related threats and allows for more robust security measures and user protection strategies.
The future is connected. Learn more about a holistic security approach for your business in partnership with the Web3 Security Coalition.